The final three lessons of this course cover GRC - Governance, Risk, and Compliance. As we mention in the video, GRC is a whole sub-field within cybersecurity. If you think you would enjoy defining, reviewing, and implementing security policies, delving into the expansive area of risk management, or auditing organizations to check that they comply with standards, policies, and regulations, then this sub-field might be for you.
This lesson covers governance. Governance has to do with how an organization behaves. Does it follow the laws, rules, standards, and regulations that it should? How does it govern itself and keep itself in check? In the context of cybersecurity, governance means how the organization manages, protects, and makes decisions about information security.
Governance falls into two broad categories: legal (or legislative) governance, where the organization must abide by the law, and corporate governance, where it must abide by its industry's standards and its own policies. Earlier in the course, we talked about security controls; the standards and policies that require those controls largely fall into this second bucket of corporate governance. Such standards and policies are not necessarily mandated by law, but in order to operate in a given industry you still need to follow them, often as a condition of a contract or an industry certification.
In the next lesson, we will explore the subject of Risk Management. Be sure to answer the questions on the Tasks tab, then click Continue.